Revision as of 13:00, 17 November 2012

This page has been archived - Please Do Not Edit or Create Pages placed in this namespace. The pages in the Archived namespace exist only as a historical reference, it will not be improved and its content may be incomplete.

Check and Report.

Please check with the extension publisher in case of any questions over the security of their product. Report Vulnerable extensions in the security forum clearly marked with the first word in the title being Vulnerable where the security moderators or JSST team will respond. This list is change protected, for additions or updates emailvel @ joomla.org

How to use this list

Items will be removed after a suitable period and not on resolution.

All known vulnerable extensions are the listed in the first column "Extension". Any in a red box are where we have not been given a fix. Any in a turquoise box contain a link to the notice about an update with link. Any that are in an uncolored box are a "Contact the Developer About This Extension". Alert Advisory details are in the center column. If the "Extension Update Link & Date Column has Not Known then it is where no update is known.

This list is compiled from found information and may not be an up to date accurate listWe do NOT promise to test or validate these reports. We do NOT guarantee the quality or effectiveness of any updates reported to us or listed here. To sign up for the feed please follow this link

We do not list BETA products, or extensions for J1.0.x

Developers - How to get yourself removed from the VEL

Resolved items will be removed after a suitable period and not on resolution

Please solve the issues and:

If JED listed

To have your extension republished, please follow these steps:

1- Solve the issues.

2- Attach the new zip file at your actual JED listing.

3- Change the extension version at JED listing.

4- Make sure to include a notice in the JED description to the fact that the new release is a "Security Release" and those who use the extension should upgrade immediately.

5- Create a JED listing owner ticket to the JED with a notice and ask that your listing be republished. Include the full details of yournew version number and security notice page

6- Email the VEL team with a notice of resolution, the latest version number and a link to the security release statement on your website

VEL email can be found above and the JED support link is in your notice of "unpublication" and here

If not JED listed.

Inform us by email with a notice of resolution, the latest version number and a link to the security release statement on your website.

Joomla Discussions Component

HD Video Share (contushdvideoshare)

Simple File Upload 1.3

January 2011 - Jan 2012 Reported Vulnerable Extensions

Please check with the extension publisher in case of any questions over the security of their product. Report Vulnerable extensions either in the jforum:432 security topic clearly marked with the first word in the title being Vulnerable Report where the security moderators or JSST team will respond or via email to the VEL team. For a guide to the codes